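/**
 * Translates the role name requested by a caller into an {@link ActiveRoleSet}.
 *
 * <p>Resolution order, as implemented below:
 * <ol>
 *   <li>empty string: {@code ActiveRoleSet.ALL} (the "unset" default);</li>
 *   <li>{@code AccessConstants.NONE_ROLE}, ignoring case: an empty role set;</li>
 *   <li>{@code AccessConstants.ALL_ROLE}, ignoring case: {@code ActiveRoleSet.ALL};</li>
 *   <li>any other member of {@code AccessConstants.RESERVED_ROLE_NAMES}: rejected;</li>
 *   <li>anything else: checked against {@code allowedRoles} when that set is non-null, then
 *       split with {@code ROLE_SET_SPLITTER} into the resulting role set.</li>
 * </ol>
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>A {@code null} {@code allowedRoles} skips the grant check entirely, so any
 *       non-reserved name is accepted. Pass the granted roles whenever {@code name}
 *       originates from a user.</li>
 *   <li>The reserved-name test and the grant test look at the whole {@code name}, while the
 *       returned set is built from its split tokens. NOTE(review): confirm whether each
 *       token should be validated individually.</li>
 * </ul>
 *
 * @param name requested role name; must not be null (it is dereferenced immediately)
 * @param allowedRoles roles granted to the caller, or {@code null} to skip the grant check
 * @return the active role set described by {@code name}
 * @throws IllegalArgumentException if {@code name} is a reserved role name
 * @throws SentryUserException if {@code allowedRoles} is non-null and contains no role whose
 *     name equals {@code name} ignoring case
 */
private static ActiveRoleSet parseActiveRoleSet(String name, Set<TSentryRole> allowedRoles)
    throws SentryUserException {
  // if unset, then we choose the default of ALL
  if (name.isEmpty()) {
    return ActiveRoleSet.ALL;
  } else if (AccessConstants.NONE_ROLE.equalsIgnoreCase(name)) {
    return new ActiveRoleSet(new HashSet<String>());
  } else if (AccessConstants.ALL_ROLE.equalsIgnoreCase(name)) {
    return ActiveRoleSet.ALL;
  } else if (AccessConstants.RESERVED_ROLE_NAMES.contains(
      name.toUpperCase(java.util.Locale.ROOT))) {
    // Locale.ROOT keeps this security check independent of the JVM default locale; with a
    // Turkic default locale, 'i' upper-cases to a dotted capital and would miss an entry
    // spelled with a plain 'I'. Presumably the reserved names are stored in upper case.
    String msg = "Role " + name + " is reserved";
    throw new IllegalArgumentException(msg);
  } else {
    if (allowedRoles != null) {
      // check if the user has been granted the role
      boolean foundRole = false;
      for (TSentryRole role : allowedRoles) {
        if (role.getRoleName().equalsIgnoreCase(name)) {
          foundRole = true;
          break;
        }
      }
      if (!foundRole) {
        // Set the reason for hive binding to pick up
        throw new SentryUserException("Not authorized to set role " + name,
            "Not authorized to set role " + name);
      }
    }
    return new ActiveRoleSet(Sets.newHashSet(ROLE_SET_SPLITTER.split(name)));
  }
}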
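/**
 * Builds the {@link ActiveRoleSet} that corresponds to a requested role name.
 *
 * <p>An empty name and {@code AccessConstants.ALL_ROLE} both map to
 * {@code ActiveRoleSet.ALL}; {@code AccessConstants.NONE_ROLE} maps to an empty set. Other
 * members of {@code AccessConstants.RESERVED_ROLE_NAMES} are refused. Any remaining name is
 * split with {@code ROLE_SET_SPLITTER}, after a grant check when {@code allowedRoles} is
 * supplied.
 *
 * <p>Security notes: the grant check runs only when {@code allowedRoles} is non-null, so a
 * {@code null} argument accepts any non-reserved name. Both the reserved-name test and the
 * grant test compare the unsplit {@code name}, whereas the result holds the split tokens.
 * NOTE(review): confirm that per-token validation is not required by any caller.
 *
 * @param name requested role name; must not be null (it is dereferenced immediately)
 * @param allowedRoles roles granted to the caller, or {@code null} to skip the grant check
 * @return the role set selected by {@code name}
 * @throws IllegalArgumentException if {@code name} is a reserved role name
 * @throws SentryUserException if {@code allowedRoles} is non-null and none of its roles is
 *     named {@code name} (compared ignoring case)
 */
private static ActiveRoleSet parseActiveRoleSet(String name, Set<TSentryRole> allowedRoles)
    throws SentryUserException {
  // An unset (empty) name selects the default, which is ALL.
  if (name.isEmpty()) {
    return ActiveRoleSet.ALL;
  }
  if (AccessConstants.NONE_ROLE.equalsIgnoreCase(name)) {
    return new ActiveRoleSet(new HashSet<String>());
  }
  if (AccessConstants.ALL_ROLE.equalsIgnoreCase(name)) {
    return ActiveRoleSet.ALL;
  }

  // Upper-case with Locale.ROOT so the reserved-name match does not vary with the JVM
  // default locale (a Turkic locale maps 'i' to a dotted capital, not 'I').
  String upperName = name.toUpperCase(java.util.Locale.ROOT);
  if (AccessConstants.RESERVED_ROLE_NAMES.contains(upperName)) {
    throw new IllegalArgumentException("Role " + name + " is reserved");
  }

  if (allowedRoles != null) {
    // The caller may only activate a role that has been granted to it.
    boolean granted = false;
    for (TSentryRole candidate : allowedRoles) {
      if (candidate.getRoleName().equalsIgnoreCase(name)) {
        granted = true;
        break;
      }
    }
    if (!granted) {
      // The same text is passed as message and reason so the hive binding can pick it up.
      String reason = "Not authorized to set role " + name;
      throw new SentryUserException(reason, reason);
    }
  }
  return new ActiveRoleSet(Sets.newHashSet(ROLE_SET_SPLITTER.split(name)));
}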
null, new ActiveRoleSet(true)); assertEquals(expectedResults, authPrivMap); userGroupNames1, new ActiveRoleSet(true)); assertEquals(expectedResults, authPrivMap); null, new ActiveRoleSet(Sets.newHashSet(roleName1.toUpperCase()))); assertEquals(expectedResults, authPrivMap); ActiveRoleSet roleSet2 = new ActiveRoleSet(Sets.newHashSet(roleName2)); try { client.listPrivilegsbyAuthorizable(user1, authorizableSet, null, roleSet2);
null, new ActiveRoleSet(true)); assertEquals(expectedResults, authPrivMap); userGroupNames1, new ActiveRoleSet(true)); assertEquals(expectedResults, authPrivMap); null, new ActiveRoleSet(Sets.newHashSet(roleName1.toUpperCase()))); assertEquals(expectedResults, authPrivMap); ActiveRoleSet roleSet2 = new ActiveRoleSet(Sets.newHashSet(roleName2)); try { client.listPrivilegesbyAuthorizable(user1, authorizableSet, null, roleSet2);
null, new ActiveRoleSet(testRoleSet)); assertEquals(expectedResults, authPrivMap); testGroupSet, new ActiveRoleSet(testRoleSet)); assertEquals(expectedResults, authPrivMap);
null, new ActiveRoleSet(testRoleSet)); assertEquals(expectedResults, authPrivMap); testGroupSet, new ActiveRoleSet(testRoleSet)); assertEquals(expectedResults, authPrivMap);
// Verifies the result of a lookup made before this excerpt: it must hold exactly the
// "all" action privilege on server/db3/table5.
assertEquals("Privilege not correctly assigned to roles !!",
    Sets.newHashSet("server=server->db=db3->table=table5->action=all"),
    listPrivilegesForProvider);

// Repeat the lookup for group1 and group2 with roleName1 as the only active role, scoped to
// server "server" and database "db3"; the expected result is the single entry "server=+".
// NOTE(review): the second argument is passed as null and its meaning is not visible in this
// excerpt; confirm against the client API.
listPrivilegesForProvider = client.listPrivilegesForProvider(Sets.newHashSet(group1, group2), null,
    new ActiveRoleSet(Sets.newHashSet(roleName1)), new Server("server"), new Database("db3"));
assertEquals("Privilege not correctly assigned to roles !!", Sets.newHashSet("server=+"),
    listPrivilegesForProvider);

// Scope check: the same groups and active role queried against a different server
// ("server1") are expected to yield no privileges at all.
listPrivilegesForProvider = client.listPrivilegesForProvider(Sets.newHashSet(group1, group2), null,
    new ActiveRoleSet(Sets.newHashSet(roleName1)), new Server("server1"));
assertEquals("Privilege not correctly assigned to roles !!", new HashSet<String>(),
    listPrivilegesForProvider);
// Verifies the result of a lookup made before this excerpt: it must hold exactly the
// "all" action privilege on server/db3/table5.
assertEquals("Privilege not correctly assigned to roles !!",
    Sets.newHashSet("server=server->db=db3->table=table5->action=all"),
    listPrivilegesForProvider);

// Repeat the lookup for group1 and group2 with roleName1 as the only active role, scoped to
// server "server" and database "db3"; the expected result is the single entry "server=+".
listPrivilegesForProvider = client.listPrivilegesForProvider(Sets.newHashSet(group1, group2),
    new ActiveRoleSet(Sets.newHashSet(roleName1)), new Server("server"), new Database("db3"));
assertEquals("Privilege not correctly assigned to roles !!", Sets.newHashSet("server=+"),
    listPrivilegesForProvider);

// Scope check: the same groups and active role queried against a different server
// ("server1") are expected to yield no privileges at all.
listPrivilegesForProvider = client.listPrivilegesForProvider(Sets.newHashSet(group1, group2),
    new ActiveRoleSet(Sets.newHashSet(roleName1)), new Server("server1"));
assertEquals("Privilege not correctly assigned to roles !!", new HashSet<String>(),
    listPrivilegesForProvider);
// Verifies the result of a lookup made before this excerpt: it must hold exactly the
// "all" action privilege on server/db3/table5.
assertEquals("Privilege not correctly assigned to roles !!",
    Sets.newHashSet("server=server->db=db3->table=table5->action=all"),
    listPrivilegesForProvider);

// Repeat the lookup for group1 and group2 with roleName1 as the only active role, scoped to
// server "server" and database "db3"; the expected result is the single entry "server=+".
listPrivilegesForProvider = client.listPrivilegesForProvider(Sets.newHashSet(group1, group2),
    new ActiveRoleSet(Sets.newHashSet(roleName1)), new Server("server"), new Database("db3"));
assertEquals("Privilege not correctly assigned to roles !!", Sets.newHashSet("server=+"),
    listPrivilegesForProvider);

// Scope check: the same groups and active role queried against a different server
// ("server1") are expected to yield no privileges at all.
listPrivilegesForProvider = client.listPrivilegesForProvider(Sets.newHashSet(group1, group2),
    new ActiveRoleSet(Sets.newHashSet(roleName1)), new Server("server1"));
assertEquals("Privilege not correctly assigned to roles !!", new HashSet<String>(),
    listPrivilegesForProvider);